Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.247.origin
- Android.Triada.248.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Triada.247.origin
- Android.Triada.248.origin
Сетевая активность:
Подключается к:
- 1####.####.1
- 1####.####.1:8088
- 1####.####.88
- 1####.####.88:8999
- 6####.####.140
- l####.####.com
- res####.####.com
Запросы HTTP GET:
- 1####.####.88/catServer/upload/images/5e9b3c3c-c105-4901-bee3-1079140d85...
- res####.####.com/v3/ip?key=####
Запросы HTTP POST:
- 1####.####.1/sdkserver/v2/serviceConfig
- 1####.####.1:8088/sdkserver/v2/appActive
- 1####.####.88:8999/catServer/recommend!status.action
- 6####.####.140/ando/v1/x/lv?app_id=####&r=####
- l####.####.com/sdk.php
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/0456616ec46368af94767de9cd8491371c6f47a0e58b10c76784551facbf6095.0.tmp
- <Package Folder>/cache/####/1acc0c6e6b6012c2bac6e88d52a0975de30b4ae51ace91b2c927b7bfc5f05184.0.tmp
- <Package Folder>/cache/####/2ffe3e468bdae393a4f7e89d50ced109989f7c925e1878e708600e53a4afd670.0.tmp
- <Package Folder>/cache/####/30bb6f60b18a93bf1bac3730eaff5ad3f81fe92731d17d36985664d9aed25b67.0.tmp
- <Package Folder>/cache/####/34922784a4e887c59539620068fef0a1a4c529914b124e3a871a3dc08aa07680.0.tmp
- <Package Folder>/cache/####/38c467c78851194651e6226e78d58f367ae08d6b9dbb550ea565f77c369aeadb.0.tmp
- <Package Folder>/cache/####/424d829a3ed8e5e0d3c3d01985f4035bf3c27e7e47701e52e097b634bc83db9f.0.tmp
- <Package Folder>/cache/####/4f58997a26a6f66978bb72025c9207ef0a14aa868c64a852cf50223560ce5ee7.0.tmp
- <Package Folder>/cache/####/55af1d6178151870083479d48dc57b895baf09012377d54a22c1e17cbe647e65.0.tmp
- <Package Folder>/cache/####/5b935ea90c5533ff82f86183fb986babe547375b7495a7b25f42546c8d675870.0.tmp
- <Package Folder>/cache/####/68183c7fe74f40da13584103f9cfd91abb889edc88c007c4a376b5ac2e418153.0.tmp
- <Package Folder>/cache/####/6beba163d413229f743400ec7ac7e7189eef6fed891ee0c2694455fbf5347d4d.0.tmp
- <Package Folder>/cache/####/6fd22ccc39839c7846e32ce68bd9b7c9902d552a4f52b52c980919b9677937a4.0.tmp
- <Package Folder>/cache/####/8aabff9ff6b990b7bb65d75b731b0d0d5315461c7618407799dea0338e5911a8.0.tmp
- <Package Folder>/cache/####/9000de5ba38c58e1c081fe50579f8143448cc757b793ab0f435d838816707d68.0.tmp
- <Package Folder>/cache/####/947b4e63f138d820251951612f57eee0eb5be52ae9900a5e44c3f92ceb0f35a7.0.tmp
- <Package Folder>/cache/####/a387f08654cbb98652097a0b823d52a33d531632c7d07341d67cb7d87fcdfd8c.0.tmp
- <Package Folder>/cache/####/a4cfb92e0ffb1e0503f564d0d9125405e96eb47a31ccc3831bab97adb34614ed.0.tmp
- <Package Folder>/cache/####/aa2dfe35e12d0e9cd8efa4151c9c0f829e31ccb03b5e48fe71e08904cf498673.0.tmp
- <Package Folder>/cache/####/b037f5b2966d76c75dbf03a13b2546db8124a71c6810edbc20d5f91ad61d3897.0.tmp
- <Package Folder>/cache/####/cf6d9ae37301618a3b585018b17f7114dc2971b51a69126a3bdb2b1e9323c376.0.tmp
- <Package Folder>/cache/####/d79d4ebd00eb1d1a36bfa0cd82d995ce033a0c5c3bb830ae491633d755f2e121.0.tmp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/e92f217dc3b83ebf3e95c288e122f325d3b77836ecdb39abf858f987f150c2ef.0.tmp
- <Package Folder>/cache/####/ead6c1c732626ba1afbc459aaaba2e0a3cd6c0c63d3975dbdb706044761c7b58.0.tmp
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/code-7230272/eOf1qcuyU0hdzj4i
- <Package Folder>/databases/IaB97Cpy283P3uwC6My43LJkQGxARKREcCYHeHfO4CM=_77KMq3HEqhnqXdTK1qvRCw==
- <Package Folder>/databases/IaB97Cpy283P3uwC6My43LJkQGxARKREcCYHeHfO4CM=_77KMq3HEqhnqXdTK1qvRCw==-journal
- <Package Folder>/databases/IaB97Cpy283P3uwC6My43LJkQGxARKREcCYHeHfO4CM=_bPLZDneln0kcSng1huGpTQ==
- <Package Folder>/databases/IaB97Cpy283P3uwC6My43LJkQGxARKREcCYHeHfO4CM=_bPLZDneln0kcSng1huGpTQ==-journal
- <Package Folder>/databases/IaB97Cpy283P3uwC6My43LJkQGxARKREcCYHeHfO4CM=_lMzJA5lkm-T7tOnhPIg77093noE=
- <Package Folder>/databases/IaB97Cpy283P3uwC6My43LJkQGxARKREcCYHeHfO4CM=_lMzJA5lkm-T7tOnhPIg77093noE=-journal
- <Package Folder>/databases/IaB97Cpy283P3uwC6My43LJkQGxARKREcCYHeHfO4CM=_rms7AMfpMruVX77C
- <Package Folder>/databases/IaB97Cpy283P3uwC6My43LJkQGxARKREcCYHeHfO4CM=_rms7AMfpMruVX77C-journal
- <Package Folder>/databases/IaB97Cpy283P3uwC6My43LJkQGxARKREcCYHeHfO4CM=_x3DqOO9cSbI=-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/download.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/####/282f4qML66znWgkFNjHxnLos-RSCI6AMqGl1Qbt3TPE=.new
- <Package Folder>/files/####/5695aLBmhB5hNLkgv7s-WQ==
- <Package Folder>/files/####/5695aLBmhB5hNLkgv7s-WQ==.new
- <Package Folder>/files/####/A9mNODIJP-DmlQ0QvPPeorC5pUE1mvs7.new
- <Package Folder>/files/####/AQUWBdXGKxNuaq0v_dZlmph2EmU=.new
- <Package Folder>/files/####/HhlnTrtqz_PXWlZT
- <Package Folder>/files/####/QMxofspPnk-V1MS1IXfJrg==.new
- <Package Folder>/files/####/RblFmyHXZANDtNLR1ckRz_tNBjPKM19EoaU7vTaRfgc=.new
- <Package Folder>/files/####/UWdTYAhAVrmcLLng6bj3Rblj77o=
- <Package Folder>/files/####/UWdTYAhAVrmcLLng6bj3Rblj77o=.new
- <Package Folder>/files/####/YSncfvbFHePiFkKk5pG3FhsvCSo=.new
- <Package Folder>/files/####/ZUxHh0kGqCa68IY75bJ7ZNgmX047AlfB.new
- <Package Folder>/files/####/abY9L2-xfYhPrw8JypCQmm52M-OZjdReMtIzLA2jqI4=.new
- <Package Folder>/files/####/cY7bsRVl8sQZDpqQGzeYMcyGacu4ATlV.new
- <Package Folder>/files/####/cfiGm7FTe-2IjJebxEtmeRkuWFo=.new
- <Package Folder>/files/####/fd88Z-P9hCO6mwrBZWcCsmYxKSPrJ5DZNsE1eA==.new
- <Package Folder>/files/####/gs6NrTRkLNLnrb0iiphoJQ==
- <Package Folder>/files/####/ibEhBzWJ509L3rPWfxBw0GNCjRs=
- <Package Folder>/files/####/joJFAmP-2MV07gmpWGeDJJVFDYD-2OF6.new
- <Package Folder>/files/####/lD5cb_i1BoArCU5x6-AEnPViAkZIJt50.new
- <Package Folder>/files/####/o7An91y2aZzfTlBW.zip
- <Package Folder>/files/####/o9on3uRoV8z3wD-HQihjh5937sb_MnJs.new
- <Package Folder>/files/####/qb3VW_aXFmS6rXJ2LLhGrXYkDE8beSRbG9bNkg==.new
- <Package Folder>/files/####/runner_info.prop.new
- <Package Folder>/files/####/s4nnadAiz-ywUQRtNqeT3g==.new
- <Package Folder>/files/####/sa34m1tbt8jE_-QD-JH857F1-1C2xu-c8td5GjeNegM=.new
- <Package Folder>/files/####/sotZMFL6MiUxN6FXnANR7Rt7sHI2POgQ
- <Package Folder>/files/####/sotZMFL6MiUxN6FXnANR7Rt7sHI2POgQ.new
- <Package Folder>/files/####/txdcxq_f.zip
- <Package Folder>/files/####/vxOQoYxYy1rnBNIhmJw6uafQjqc=
- <Package Folder>/files/####/vxOQoYxYy1rnBNIhmJw6uafQjqc=.new
- <Package Folder>/files/####/wkvQRzoLQNhDvnxbNG3ohw==
- <Package Folder>/files/####/xNM_BStXlB35LJGw1eUMIiaOlawFNjdp.new
- <Package Folder>/files/####/yt7GeDwoQuk3r0Gbou5RS9SEMrSAsDa9ElaCCg==.new
- <Package Folder>/files/patch.jar
- <Package Folder>/files/rdata_comandroidsupport.new
- <Package Folder>/shared_prefs/share_data.xml
- <Package Folder>/shared_prefs/share_data.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <SD-Card>/.armsd/####/5NCMj4FHDAiNMsrjQKob6JdxZXM=.new
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
- <SD-Card>/.armsd/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
- <SD-Card>/.armsd/####/MP8MtaBuguN9jnuSwtN1kQ==
- <SD-Card>/.armsd/####/r_pkDgN4OhnkSa0D
Другие:
Запускает следующие shell-скрипты:
- /data/data/com.aoteman.dfpw.dpfp/code-7230272/eOf1qcuyU0hdzj4i -p com.aoteman.dfpw.dpfp -c com.android.support.vajdxa.hj.hj.ho.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
- <dexopt>
- sh <Package Folder>/code-7230272/eOf1qcuyU0hdzj4i -p <Package> -c com.android.support.vajdxa.hj.hj.ho.c -r /storage/emulated/0/.armsd/tjfblFPob85GtAQw/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M -d /storage/emulated/0/Download/ladung
